lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20071017153412.6ef040bf@freepuppy.rosehill>
Date:	Wed, 17 Oct 2007 15:34:12 -0700
From:	Stephen Hemminger <shemminger@...ux-foundation.org>
To:	Krzysztof Oledzki <olel@....pl>
Cc:	netdev@...r.kernel.org
Subject: Re: TCP port randomization

On Thu, 18 Oct 2007 00:31:13 +0200 (CEST)
Krzysztof Oledzki <olel@....pl> wrote:

> 
> 
> On Wed, 17 Oct 2007, Stephen Hemminger wrote:
> 
> > On Wed, 17 Oct 2007 23:15:48 +0200 (CEST)
> > Krzysztof Oledzki <olel@....pl> wrote:
> >
> >> Hello,
> >>
> >> Is it normal that TCP port randomization (tested with 2.6.22) works only
> >> when explicitly binding to a IP address:
> >>
> >>
> >> --- cut here ---
> >> root@fw1:~# nc 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >> root@fw1:~# nc 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >> root@fw1:~# nc 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >>
> >> 23:11:11.896126 IP 192.168.129.2.37839 > 192.168.129.28.11: S
> >> 23:11:12.146573 IP 192.168.129.2.37840 > 192.168.129.28.11: S
> >> 23:11:12.396488 IP 192.168.129.2.37841 > 192.168.129.28.11: S
> >> --- cut here ---
> >>
> >>
> >> --- cut here ---
> >> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >> root@fw1:~# nc -s 192.168.129.2 192.168.129.28 11
> >> (UNKNOWN) [192.168.129.28] 11 (systat) : Connection refused
> >>
> >> 23:11:31.704391 IP 192.168.129.2.57204 > 192.168.129.28.11: S
> >> 23:11:34.400048 IP 192.168.129.2.14512 > 192.168.129.28.11: S
> >> 23:11:34.606707 IP 192.168.129.2.20117 > 192.168.129.28.11: S
> >> --- cut here ---
> >>
> >> Best regards,
> >>
> >>  				Krzysztof Olędzki
> >
> > It is a expected side effect.
> 
> So it is not possible to use randomization without binding to a specific 
> srcip?
> 
> > The starting point for the search
> > is based on hash(srcaddr, dstaddr, dstport, secret).
> > You are using same source, dest and port so yes it will stay
> > the same until rekeying occurs.
> > The secret only changes every 5min same as TCP initial sequence number.
> 
> If I get it right, even with explicitly selected constant srcaddr port 
> numbers should simply increase? This is not what I observed.
> 
>
When you set srcaddr, it calls bind, and bind does randomization always
independent of address.

This existing behavior may seem odd, but it shouldn't present a security
problem.

-- 
Stephen Hemminger <shemminger@...ux-foundation.org>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ